Alcatel ADSL-Ethernet bridge Vulnerabilities

Executive Summary

Multiple vulnerabilities exist in the Alcatel Speed Touch ADSL "modem."
These vulnerabilities can allow an intruder to take complete control of
the device. There is no way for the end user to disable these
"features."

A malicious attacker can:

Render the device inaccessible

Disable the device, temporarily or permanently (requiring return to the
manufacturer)

Install malicious code, such as a network sniffer for monitoring local LAN traffic or denial-of-service tools.

These vulnerabilities are the result of:

A "backdoor" allowing access to the system without any authentication, even if the user has changed the passwords on the device

A TFTP server, which (by definition) does not require authentication. This server can be used to discover and change passwords.
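
The TFTP point can be seen in the wire format itself: a request as defined in RFC 1350 (with optional RFC 2347 options) carries only an opcode, a filename and a transfer mode, with no credential field. The decoder below is an added example, not code from this advisory; the sample payloads and the filename example.cfg are constructed, and treating write requests as alerts is an assumed monitoring policy.

```python
import struct

# TFTP opcodes from RFC 1350
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

def parse_tftp_request(payload: bytes) -> dict:
    """Decode a TFTP RRQ/WRQ UDP payload (RFC 1350, options per RFC 2347)."""
    if len(payload) < 4:
        raise ValueError("payload too short for a TFTP request")
    (opcode,) = struct.unpack("!H", payload[:2])
    name = OPCODES.get(opcode)
    if name not in ("RRQ", "WRQ"):
        raise ValueError(f"not a request packet (opcode {opcode})")
    if payload[-1] != 0:
        raise ValueError("request is not NUL-terminated")
    # Everything after the opcode is a run of NUL-terminated ASCII strings:
    # filename, mode, then optional name/value pairs. No field holds a secret.
    fields = payload[2:-1].split(b"\x00")
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError("missing filename or mode")
    filename, mode, *rest = (f.decode("ascii", "replace") for f in fields)
    if len(rest) % 2:
        raise ValueError("dangling option without a value")
    options = dict(zip(rest[0::2], rest[1::2]))
    return {"op": name, "filename": filename, "mode": mode.lower(), "options": options}

def audit(payloads):
    """Return one finding per payload; write requests are flagged for review."""
    findings = []
    for p in payloads:
        try:
            req = parse_tftp_request(p)
        except ValueError as exc:
            findings.append(("malformed", str(exc)))
            continue
        severity = "alert" if req["op"] == "WRQ" else "info"
        findings.append((severity, f'{req["op"]} {req["filename"]} ({req["mode"]})'))
    return findings

# Constructed sample payloads (not captured from a real device).
SAMPLES = [
    b"\x00\x01example.cfg\x00octet\x00",                  # read request
    b"\x00\x02example.cfg\x00octet\x00blksize\x001428\x00",  # write request with option
    b"\x00\x04\x00\x01",                                  # ACK, not a request
]

if __name__ == "__main__":
    for severity, detail in audit(SAMPLES):
        print(severity, detail)
```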